fi
])
])
+
+AC_DEFUN([CHECK_SSL_CTX_SET1_CURVES_LIST],
+[
+AC_MSG_CHECKING([for SSL_CTX_set1_curves_list in SSL library])
+AC_LANG_PUSH(C)
+SAVE_LIBS="$LIBS"
+LIBS="$LIBS $CRYPTOLIB"
+AC_TRY_LINK([#include <openssl/ssl.h>],
+ [SSL_CTX *ctx = NULL; SSL_CTX_set1_curves_list(ctx, "test");],
+ has_curves=1,
+ has_curves=0)
+LIBS="$SAVE_LIBS"
+AC_LANG_POP(C)
+if test $has_curves = 1; then
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([HAS_SSL_CTX_SET1_CURVES_LIST], [], [Define if ssl library has SSL_CTX_set1_curves_list])
+else
+ AC_MSG_RESULT([no])
+fi
+])
fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_CTX_set1_curves_list in SSL library" >&5
+$as_echo_n "checking for SSL_CTX_set1_curves_list in SSL library... " >&6; }
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+SAVE_LIBS="$LIBS"
+LIBS="$LIBS $CRYPTOLIB"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <openssl/ssl.h>
+int
+main ()
+{
+SSL_CTX *ctx = NULL; SSL_CTX_set1_curves_list(ctx, "test");
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ has_curves=1
+else
+ has_curves=0
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS="$SAVE_LIBS"
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+if test $has_curves = 1; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define HAS_SSL_CTX_SET1_CURVES_LIST /**/" >>confdefs.h
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
# Check whether --enable-dynamic-linking was given.
if test "${enable_dynamic_linking+set}" = set; then :
enableval=$enable_dynamic_linking; enable_dynamic_linking=$enableval
AC_ARG_WITH(system-pcre2, [AS_HELP_STRING([--with-system-pcre2], [Use the system pcre2 package instead of bundled, discovered using pkg-config])], [], [with_system_pcre2=no])
AC_ARG_WITH(system-cares, [AS_HELP_STRING([--without-system-cares], [Use bundled version instead of system c-ares. Normally autodetected via pkg-config.])], [], [with_system_cares=yes])
CHECK_SSL
+CHECK_SSL_CTX_SET1_CURVES_LIST
AC_ARG_ENABLE(dynamic-linking, [AS_HELP_STRING([--disable-dynamic-linking], [Make the IRCd statically link with shared objects rather than dynamically (noone knows if disabling dynamic linking actually does anything or not)])],
[enable_dynamic_linking=$enableval], [enable_dynamic_linking="yes"])
AS_IF([test $enable_dynamic_linking = "yes"],
/* Define if you have strcasecmp */
#undef GOT_STRCASECMP
+/* Define if ssl library has SSL_CTX_set1_curves_list */
+#undef HAS_SSL_CTX_SET1_CURVES_LIST
+
/* Define to 1 if you have the `bcmp' function. */
#undef HAVE_BCMP
else if (!strcmp(cepp->ce_varname, "ecdh-curves"))
{
CheckNull(cepp);
-#if OPENSSL_VERSION_NUMBER < 0x10002000L
+#ifndef HAS_SSL_CTX_SET1_CURVES_LIST
config_error("ecdh-curves specified but your OpenSSL/LibreSSL library does not "
"support setting curves manually by name. Either upgrade to a "
"newer library version or remove the 'ecdh-curves' directive "
{
if (ssloptions->ecdh_curves)
{
-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+#ifdef HAS_SSL_CTX_SET1_CURVES_LIST
if (!SSL_CTX_set1_curves_list(ctx, ssloptions->ecdh_curves))
{
config_warn("Failed to set ecdh-curves '%s'. "